Research field: Databases
Conference: 2024 IEEE Long Island Systems, Applications and Technology Conference (LISAT)
Web applications are part of our lives. Among many vulnerabilities, SQL injection is one of the most prevalent and exploited in web applications. SQL injection is possible through insufficient validation of user input and metacharacters that are interpreted unintentionally on the database tier. As a result, Stored Procedures (SP) need to be used to protect the database. SPs are small programs on the database that are executed from the web application. However, not all SPs can mitigate SQL injection. Hence, the security team tried different tools, such as Veracode and Burp Suite, to find SQL injection issues. This paper introduces a fuzz-testing platform for detecting and validating SP SQL injection vulnerabilities in web applications. We compare the detection techniques based on related works and improve the detection technique for stored procedure vulnerabilities.
| Publication year | 2024 |
|---|---|
| Citations | 69 |
| Country of publication | |
| Site | IEEE |